Contrast Security - Software Development Solution
Company: Contrast Security, Inc., Los Altos, CA
Entry Submitted By: SHIFT Communications
Company Description: Contrast is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks. Contrast enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast sensors work actively inside applications to secure the entire enterprise.
Nomination Category: New Product & Service Categories - Software
Nomination Sub Category: New Product or Service of the Year - Software - Software Development Solution
Nomination Title: Contrast Security
Tell the story about this nominated product or service (up to 650 words). Describe its function, features, benefits, and performance to date:
Contrast Security’s flagship product, Contrast, secures applications from the inside using a technique called “deep security instrumentation.” This technique essentially weaves vulnerability detection, attack protection, and visibility directly into applications without any changes to the code, or how the code is developed, tested, or deployed. The Contrast technology platform includes both Contrast Protect, the company’s runtime application self-protection (RASP) solution, and Contrast Assess, its interactive application security testing (IAST) tool. Together, these two solutions make applications self-protecting: they detect where they are vulnerable and defend themselves against attacks. While these applications are running, highly accurate context is instantly generated about where applications are vulnerable and under attack. Contrast truly heralds the new era of self-protecting software.
Contrast Assess focuses on vulnerability discovery and remediation, and is named by Gartner as a leader in IAST. Gartner states: “The goal of IAST is fast and accurate security testing that is suitable for use in development, where minimal security expertise is present and accurate results are needed quickly.” That’s the bottom line with Contrast Assess: it gets better results. Just imagine if false positives could be eliminated, while catching more than previous static application security testing (SAST) and dynamic application security testing (DAST) tools ever could. Contrast Assess deploys an agent that instruments the application with smart sensors to analyze code in real time from within the application and therefore achieves (a line is missing here, and I can’t remember what it should say). The result: continuous security where 99% of false positives are eliminated.
Contrast Protect delivers real-time monitoring and blocking of attacks. Contrast Protect uses patented, deep security instrumentation to gain insight into exactly how attacks behave. The better the insight, the more effective the protection of applications. Unlike web application firewall (WAF) and intrusion prevention system (IPS) solutions, no network configuration is necessary. Contrast Protect doesn’t need to “learn” applications – instead it becomes part of them. And, unlike other RASP solutions, Contrast does not require any changes to applications or the runtime environment. Even under the heaviest attack load, Contrast Protect provides sub-millisecond protection. Because protection is infused directly into the applications themselves, there is no faster way to enforce security policy.
Ultimately, modern software development requires continuous security to go along with continuous integration, delivery and deployment. Contrast delivers on the vision of self-protecting software. Truly self-protecting software has the ability to detect its own vulnerabilities and defend itself against attacks. Contrast has integrated both capabilities into a single application layer agent that distributes the work of application security while enabling centralized policy management and control. Contrast’s approach integrates the capabilities of static, dynamic, interactive, SCA, and configuration analysis together with the capabilities of WAF, bot blocking, and CVE shields into a single unified platform.
Contrast is truly different in both philosophy and technology from any existing application security technology. When it comes to accuracy, Contrast scores a perfect 100% against the 21,000 test cases in the OWASP Benchmark Project, while the top legacy tools scored only 33%. When it comes to speed, Contrast works in real time so developers and testers get instant results. Meanwhile, legacy solutions took hours or days to complete the OWASP Benchmark. When it comes to scalability, Contrast works continuously – and is fully automated – across very large enterprise application portfolios in parallel in real time. Contrast recognizes continuous, up-to-date visibility is critical for informed security decision-making.
Contrast technology is a lightning bolt that shatters all previous thinking about software application security. Contrast changes security from a small, underfunded, undermanned department into an agile, ubiquitous, always-ready, always-on army of self-protection with the highest accuracy and best results. More than a security tool, Contrast technology is an intelligent agent that powers a new era of self-protecting software.
In bullet-list form, briefly summarize up to ten (10) of the chief features and benefits of the nominated product or service (up to 150 words).
• Contrast is the only product that can defend an application portfolio throughout the entire software lifecycle by providing three layers of defense: Protection, Assessment and Visibility.
• Contrast makes software self-protecting so it can defend itself from vulnerabilities and attacks and eliminates risk to software applications and their data.
• Contrast employs its patented deep security instrumentation to eliminate risk to software applications and their data, enabling businesses to innovate faster and sleep at night.
• Contrast empowers developers to build secure applications with real-time vulnerability analysis and unprecedented, proven accuracy for every developer, tester and application security professional.
• Contrast has intelligent agents that work actively inside applications – whether on premises, in the cloud, or in containers – to prevent data breaches, defeat hackers and secure the entire enterprise from development, to operations, to production.